How do you perform a backup to an external drive that is TrueCrypted? Do you
just mount a drive on the external hard drive then backup will know to backup
Backing up TrueCrypt volumes and backing up to TrueCrypt volumes tend easily
to confuse people.
Become a Patron of Ask Leo! and go ad-free!
Leo, how do you perform a backup to an external drive that is
TrueCrypted? It might sound stupid, I know. [Leo: No, not at all.]
You just mount a drive on the external hard drive then backup will know
to backup into TrueCrypt?
So it’s actually … TrueCrypted backup is a really interesting combination of things.
First of all, TrueCrypt doesn’t know about backups and backups don’t know about
TrueCrypt. They don’t need to know about each other.
What you have to realize about TrueCrypt is that regardless of how you use
it, the way it manifests to your operating system is as a drive so whether you
have whole drive encryption (which you might be using for your external drive)… I
actually have an external drive; the one I travel with is whole drive
encrypted. Once you mount that drive, and by mount, you actually go through the
process of TrueCrypt specifying a password for that drive so that they can appear
on your system, you can then use it just like any other drive.
So can your backup software. The backup software, if it [the Truecrypt volume] mounts as drive Q:,
then you just tell your backup software to backup to drive Q:. The same thing
for TrueCrypt containers; when you’re not necessarily doing whole drive
encryption, the container… Once the container is mounted, it simply looks like
a drive. I actually, on my desktop machine, I use TrueCrypt, I’ve got like a
200 GB TrueCrypt container file that is my primary workspace and it just looks
like drive F.
So, if I wanted to run a backup, I could tell the backup software to just throw
the backups on drive F and they would basically get thrown into the mounted
TrueCrypt volume that (once it’s dismounted, of course) is encrypted. You can
get at it. So the short answer is, “Sure, no problem.” Just make sure you’re
telling you’re mounting the drive however it is you mount your TrueCrypt
encrypted drives, be they containers or whole drive encryption and then tell
your backup program, ‘Hey, use drive whatever – Q:.’ Then that is the drive that
appeared when you mounted your TrueCrypt drive.
Everything should be just fine. Now one of the other questions commonly the
reverse and that is when I have a bunch of data in a TrueCrypt container as I
do, how should I back that up? Do I back up the container; do I back up the
data? There’s two schools of thought on that. I back up the container. What
that means is and it’s just one file, it’s great.
It’s one file that then contains all of my protected files within it. It’s
not 200 GB, by the way; this is a smaller one. It’s much more manageable for
backing up. The smaller one actually has all of my personal financial things. I
just back up that file. I back it up in multiple places and what’s nice about
that is I don’t need to take any additional security precautions.
I know that container file (if it’s not mounted) is just so much noise.
Everything that’s in the container is protected. The only to get at the
contents of the container is to know the password or in my case, the passphrase
and I ain’t gonna tell you that so that data is safe. The other thing… the
problem with that scenario though, of course, is that in order to access the
data, you need TrueCrypt.
You must have TrueCrypt in order to be able to mount and actually read the
contents of that container that backed up container. So the other school of
thought is mount the container and then back up the files within it. In other
words, if the container shows up as drive Q and those are all your protected
files, back up those files.
The downside there, of course, is that you now must take security
precautions for your backup because your backup now contains unencrypted clear
potentially private files that you normally would want to have encrypted. So
there’s two ways to go about that. Like I said, I tend to choose… I mean
TrueCrypt has proven to me to be so reliable and so ubiquitous that I’m very
happy just backing up a TrueCrypt container file and going from there.